Do i have to keep my iot device's source code open if i am using this library ?

[arihantdaga]

Hello @marvinroger I am not expert at how liecence works. But in github it shows that i must keep source code of the software open if i use this library. Does that also mean that if i make an IOT Device and in that device's firmware if i am using this library i have to keep the source code open. ??

[marvinroger]

Pretty much, yes. You can read this for a more detailed explanation : https://softwareengineering.stackexchange.com/a/86158

[chaymankala]

This is not an issue, but just a simple question. Can you tell me if its safe to use this function for random? Does it have any vulnerabilities like Arduino random()?

[marvinroger]

Yes, RANDOM_REG32 is an hardware random number generator, so it should be fine.

[chaymankala]

Thank you so much for the help! :)

[mengstr]

@marvinroger No, that's not really true according to the gnu faq at http://www.gnu.org/licenses/gpl-faq.en.html#LGPLStaticVsDynamic

It is enough to just supply obj files to allow for re-linking. No source is necessary. But of course in the case of a ESP8266/Arduino application that is not easy to do - nor would it be easy to use either, but it would fulfill the absolute requirements.

Does the LGPL have different requirements for statically vs dynamically linked modules with a covered work? (#LGPLStaticVsDynamic) For the purpose of complying with the LGPL (any extant version: v2, v2.1 or v3):

(1) If you statically link against an LGPL'd library, you must also provide your application in an object (not necessarily source) format, so that a user has the opportunity to modify the library and relink the application.

And even the license-blurb explanation here on GitHub says the following:

However, a larger work using the licensed work through interfaces provided by the licensed work may be distributed under different terms and without source code for the larger work.